
Security Center: Release notes

Last Updated: Sep 04, 2024

This topic describes the release notes for Security Center and provides links to the relevant references.

August 2024

| Feature | Category | Description | Involved edition | Release date | References |
| --- | --- | --- | --- | --- | --- |
| Threat analysis and response | Feature iteration | A new basic orchestration group, aliyuncloudOpenAPI, is added. | Security Center editions for which the threat analysis and response feature is enabled | 2024-08-30 | Use SOAR |
| Threat analysis and response | Feature iteration | Logs of third-party cloud service providers, such as Chaitin WAF and FortiGate Firewall, can be added to the threat analysis and response feature. | Security Center editions for which the threat analysis and response feature is enabled | 2024-08-20 | Add logs of cloud services |
| Application protection | Feature iteration | The runtime circuit breaking feature is available. | Security Center editions for which the application protection feature is enabled | 2024-08-19 | Use the application protection feature |
| Configuration assessment | Feature iteration | • The pay-as-you-go billing method with price reductions is changed to the tiered pricing mode.<br>• The subscription billing method with price reductions is changed to the tiered pricing mode. | Security Center editions for which the configuration assessment feature is enabled | 2024-08-19 | |
| Application protection | Feature iteration | AI-powered analysis of attack alerts and in-memory webshell detection alerts is available to provide detailed explanations and reasoning for users. | Security Center editions for which the application protection feature is enabled | 2024-08-16 | Handle attack alerts |
| Configuration assessment | Feature iteration | • The number of check items that you can use free of charge is increased.<br>• The whitelist policy management feature is added. | All editions | 2024-08-02 | |
| Serverless asset protection | Feature iteration | • The public preview is complete and the serverless asset protection feature of Security Center is available for commercial use.<br>• Elastic Container Instances (ECI), ACK Serverless clusters, and Serverless App Engine can be added to the serverless asset protection feature for security risk detection. | All editions | 2024-08-02 | Use the serverless asset protection feature |
| Application protection | Feature iteration | A toggle for decompiling Java files is available on the details page of the in-memory webshell detection alerts. | Security Center editions for which the application protection feature is enabled | 2024-08-01 | Use the in-memory webshell prevention feature |
| Log analysis | Feature iteration | V2.0 log dictionaries are released and the upgrade from V1.0 log dictionaries to V2.0 is available. | Security Center editions for which the log analysis feature is enabled | 2024-08-01 | |

July 2024

| Feature | Category | Description | Involved edition | Release date | References |
| --- | --- | --- | --- | --- | --- |
| SDK for malicious file detection | Feature iteration | SDK for malicious file detection can decrypt and check OSS objects that are encrypted by using a server-side encryption method. | Security Center editions for which the SDK for malicious file detection feature is enabled | 2024-07-26 | SDK for malicious file detection |
| Agentless detection | Feature iteration | Agentless detection enables the snapshot feature and the image check feature. | Security Center editions for which the agentless detection feature is enabled based on the pay-as-you-go billing method | 2024-07-08 | Use the agentless detection feature |
| Threat analysis and response | Feature iteration | SOAR playbooks can be copied. | Security Center editions for which the threat analysis and response feature is enabled | 2024-07-03 | Use SOAR |
| Core file monitoring | Feature iteration | The best practice document for configuring the core file monitoring feature is added. The document describes the configurations of monitoring rules and provides examples. | Enterprise and Ultimate | 2024-07-01 | Best practices for configuring the core file monitoring feature |

June 2024

| Feature | Category | Description | Involved edition | Release date | References |
| --- | --- | --- | --- | --- | --- |
| SDK for malicious file detection | Feature iteration | The results of malicious file detection that is performed by calling API operations are displayed in the list of at-risk files in the Security Center console. | Security Center editions for which the SDK for malicious file detection feature is enabled | 2024-06-28 | View detection results |
| SDK for malicious file detection | Feature iteration | Malicious file detection logs can be delivered to the Logstore dedicated to Security Center. | Security Center editions for which the SDK for malicious file detection feature is enabled | 2024-06-28 | Malicious file detection logs |
| SDK for malicious file detection | Feature iteration | DingTalk chatbots can be added to send notifications. You can receive real-time notifications of detected malicious files in the DingTalk group that you specify. | Security Center editions for which the SDK for malicious file detection feature is enabled | 2024-06-28 | Configure notification settings on the DingTalk Chatbot tab |
| Vulnerability management | Feature iteration | The vulnerability management feature can be used to scan servers that use SUSE and Kylin operating systems for vulnerabilities. | All editions | 2024-06-20 | Overview of vulnerability management |
| Application protection | Feature iteration | • The statistics on application processes on the assets that you can add to the application protection feature are collected, and the list of the application processes is provided.<br>• Assets on which application vulnerabilities are detected can be added to the application protection feature on the Application Vulnerability tab of the Vulnerabilities page.<br>• The statistics on and trend chart of vulnerability prevention are provided on the Application Analysis tab of the Application Protection page. | Security Center editions for which the quota for the application protection feature is purchased | 2024-06-19 | Overview of application protection |
| Threat analysis and response | Feature iteration | EdgeRoutine logs, access logs, and Web Application Firewall (WAF) logs of Dynamic Content Delivery Network (DCDN) can be added to the threat analysis and response feature. The added logs are processed by using threat detection, event handling, Security Orchestration Automation Response (SOAR), and log storage capabilities. | Security Center editions for which the threat analysis and response feature is enabled | 2024-06-19 | Overview of threat analysis and response |
| Baseline check | Feature iteration | Debian 10, Debian 11, Debian 12, and TencentOS Server 3.1 are supported by the baseline check feature. | Advanced, Enterprise, and Ultimate | 2024-06-19 | Baseline check |
| Baseline check | Feature iteration | The maximum size of a weak password file that you can upload is increased to 40 KB. | Advanced, Enterprise, and Ultimate | 2024-06-07 | Baseline check |
| Installation of the Security Center agent | Feature iteration | Kylin V7 and Red Hat Enterprise Linux (RHEL) 9 are supported for the Security Center agent. | All editions | 2024-06-06 | Operating systems supported by the Security Center agent |
| Log analysis | Feature iteration | Agent event logs are supported for delivery and storage. | Security Center editions for which the log analysis feature is enabled | 2024-06-06 | Log types and log fields of the V1.0 log dictionaries |

May 2024

| Feature | Category | Description | Involved edition | Release date | References |
| --- | --- | --- | --- | --- | --- |
| Container image scan | Feature iteration | The container image scan feature is supported for the China (Ulanqab) region. | Security Center editions for which the container image scan feature is enabled | 2024-05-31 | Overview of container image scan |
| Container | Feature iteration | The risk detection results of a single image can be exported. | Ultimate | 2024-05-31 | Manage container assets |
| Purchase | Feature iteration | When you purchase Security Center by using the subscription billing method, the Protected Servers and Cores parameters can be specified based on your business requirements. After you purchase Security Center, you can manage the quotas. | Anti-virus, Advanced, Enterprise, and Ultimate | 2024-05-30 | Manage quotas |
| Alerts | Feature iteration | The Suspicious process - Suspicious command alert is renamed Suspicious process - Suspicious probe command. | Anti-virus, Advanced, Enterprise, and Ultimate | 2024-05-22 | Overview of alerts |
| Application protection | Feature iteration | The text in the panel for attack alert details is optimized. | Security Center editions for which the application protection feature is purchased | 2024-05-15 | Handle attack alerts |
| SDK for malicious file detection | Feature iteration | The maximum size of a file that can be checked by the SDK for malicious file detection feature is increased from 20 MB to 100 MB. | Security Center editions for which the SDK for malicious file detection feature is purchased | 2024-05-14 | SDK for malicious file detection |
| Configuration assessment | Feature iteration | • The number of check items that you can use free of charge is increased from 25 to more than 60. The check items are provided free of charge in Security Center Basic.<br>• These check items do not consume your purchased quota. | Security Center editions for which the quota for the configuration assessment feature is purchased or the feature is enabled by using the pay-as-you-go billing method | 2024-05-11 | Overview of configuration assessment |
| Threat analysis and response | Feature iteration | The time picker and filter conditions on the Security Event Handling page are optimized. | Security Center editions for which the threat analysis and response feature is enabled | 2024-05-09 | Handle security events |

April 2024

| Feature | Category | Description | Involved edition | Release date | References |
| --- | --- | --- | --- | --- | --- |
| Threat analysis and response | Feature iteration | • Tiered pricing is used for the log data that is added to the threat analysis and response feature. You are charged based on the size of logs that you deliver for hot storage.<br>• The threat analysis and response feature decouples the analysis and handling capabilities, such as alerting, security event handling, and SOAR, from the log storage capability. This allows you to choose whether to purchase log storage capacity.<br>• A global administrator account can be configured to manage all security events in multiple Alibaba Cloud accounts in a centralized manner. | Security Center editions for which the threat analysis and response feature is enabled | 2024-04-26 | [Notice] Billing rules of the threat analysis and response feature are changed |
| Application protection | New feature | The in-memory webshell prevention feature is added to detect threats that are hidden in memory. | Security Center editions for which the application protection feature is enabled | 2024-04-17 | Use the in-memory webshell prevention feature |
| Configuration assessment | Feature iteration | Quick fixing is provided for more than 50 check items. | Security Center editions for which the quota for the configuration assessment feature is purchased or the feature is enabled by using the pay-as-you-go billing method | 2024-04-17 | Use the configuration assessment feature |
| Anti-ransomware (bait capture) | Feature iteration | Linux servers are supported. | Advanced, Enterprise, and Ultimate | 2024-04-17 | Enable features on the Host Protection Settings tab |
| Baseline check | Feature iteration | The baseline type of Center for Internet Security (CIS) compliance is renamed internationally agreed best practices for security. | Advanced, Enterprise, and Ultimate | 2024-04-11 | Baseline check |
| SDK for malicious file detection | Feature iteration | File packages can be decompressed for malicious file detection. | Security Center editions for which the SDK for malicious file detection feature is enabled | 2024-04-11 | SDK for malicious file detection |
| Threat analysis and response - Log management | New feature | • The Log Search page is renamed Log Management.<br>• The log search capability is renamed hot data.<br>• Cold data storage is added to the log management feature to provide storage capabilities at lower storage costs. | Security Center editions for which the threat analysis and response feature is enabled | 2024-04-02 | Manage logs |
| Configuration assessment | Feature iteration | In the Security Center console, Alibaba Cloud accounts on the China site (aliyun.com) can be used to perform checks related to Resource Access Management (RAM) only on assets that reside in regions in China, and Alibaba Cloud accounts on the international site (alibabacloud.com) can be used to perform RAM-related checks only on assets that reside in regions outside China. The historical scan results are retained in the regions of the assets. | Security Center editions for which the quota for the configuration assessment feature is purchased or the feature is enabled by using the pay-as-you-go billing method | 2024-04-01 | [Configuration assessment] RAM-related check items are supported only in the regions where Alibaba Cloud accounts are created |

March 2024

| Feature | Category | Description | Involved edition | Release date | References |
| --- | --- | --- | --- | --- | --- |
| Threat analysis and response | Feature iteration | The threat analysis feature is renamed threat analysis and response. | Security Center editions for which the threat analysis and response feature is enabled | 2024-03-29 | Overview of threat analysis and response |
| Container file protection | Feature iteration | A process whitelist and a file path whitelist can be configured during the creation of a rule for container file protection. | Ultimate | 2024-03-19 | Use the container file protection feature |
| SDK for malicious file detection | Feature iteration | Adware, cracking programs, and private game servers can be detected. | Security Center editions for which the SDK for malicious file detection feature is enabled | 2024-03-01 | Supported virus types |

February 2024

| Feature | Category | Description | Involved edition | Release date | References |
| --- | --- | --- | --- | --- | --- |
| Core file monitoring | Feature iteration | Alert notifications by using DingTalk chatbots are supported for the core file monitoring feature. | Enterprise and Ultimate | 2024-02-23 | Configure notification settings |
| Baseline check | Feature iteration | Custom weak password rules can be added to existing weak password rules. | Advanced, Enterprise, and Ultimate | 2024-02-22 | Add custom weak password rules |
| Application protection | Feature iteration | • A protection policy group can be configured to manage the check types and the detection modes in a fine-grained manner. The detection modes are standard, loose, and strict.<br>• The whitelist entry point is added on the Application Protection > Attack Alerts tab. | Security Center editions for which the application protection feature is enabled | 2024-02-22 | Use the application protection feature |
| Configuration assessment | Feature iteration | The pay-as-you-go billing method is supported. | All editions | 2024-02-19 | Overview of configuration assessment |
| Agentless detection | Feature iteration | The agentless detection feature is available for commercial use and is no longer free of charge. If you have enabled this feature free of charge, you can use this feature free of charge until the end of the public preview on March 5, 2024. After the public preview ends, you must enable this feature by using the pay-as-you-go billing method to use this feature. | All editions | 2024-02-02 | Public preview of agentless detection ends |

January 2024

| Feature | Category | Description | Involved edition | Release date | References |
| --- | --- | --- | --- | --- | --- |
| Security report | Feature iteration | The Security Report page in the Security Center console is optimized. | Advanced, Enterprise, and Ultimate | 2024-01-31 | Security report |
| Overview | Feature iteration | The content of the security information module is optimized. | All editions | 2024-01-29 | Overview |
| Risk governance | Feature iteration | The risk management module is renamed risk governance. | All editions | 2024-01-26 | None |
| Configuration assessment | Feature iteration | If you do not purchase a quota for configuration assessment, 25 check items are provided free of charge. | All editions | 2024-01-19 | Overview of configuration assessment |
| Vulnerability management | Feature iteration | The Show Only Exploitable Vulnerabilities feature is supported when you select Outside China as the region of the asset that you want to protect. | All editions | 2024-01-05 | View and handle vulnerabilities |

Security Center release notes

For more information about the release notes of Security Center earlier than 2024, see Release notes (earlier than 2024).